Role-based access control on the web

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 Issue 1
Publisher: ACM Press

Full text available: pdf(331 03 KB) Additional Information: full citation, abstract, references, citings, index terms, review

Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were 
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 



Keywords: WWW security, cookies, digital certificates, role-based access control 



Dancing with the devil: faculty assessment process transformed with web technology
Luis O. Hernandez, Karen Wetherby, Mahmoud Pegah 

October 2004 Proceedings of the 32nd annual ACM SIGUCCS conference on User services
Publisher: ACM Press 

Full text available: pdf(270.13 KB) Additional Information: full citation, abstract, references, index terms

Ringling School's Institutional Technology, in partnership with the Dean of Faculty Office 
has assessed, planned, and implemented a web-based paperless Course and Faculty 
Assessment package using home-brewed software components. At our institution, the 
Course and Faculty Assessment package has transformed the traditional faculty evaluation 
process into a pedagogically effective paperless protocol. Although the faculty assessment 
process is straight forward, it is a labor-intensive activity fo ... 

Keywords: LDAP, MySQL, apache, course evaluation, database, development, faculty, 
history, java, testing, tomcat 



Articles: An Open Web Services Architecture 
Stan Kleijnen, Srikanth Raju 
March 2003 Queue, volume 1 issue 1

Publisher: ACM Press 

Full text available: pdf(1 Q 59 MB), html(24.96 KB) Additional Information: full citation, index terms
Improving the granularity of access control for Windows 2000

Michael M. Swift, Anne Hopkins, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Shannon Chan, 
Mario Goertzel, Gregory Jensenworth 

November 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4
Publisher: ACM Press 

Full text available: pdf(447.78 KB) Additional Information: full citation, abstract, references, citings, index terms, review

This article presents the mechanisms in Windows 2000 that enable fine-grained and 
centrally managed access control for both operating system components and applications. 
These features were added during the transition from Windows NT 4.0 to support the 
Active Directory, a new feature in Windows 2000, and to protect computers connected to 
the Internet. While the access control mechanisms in Windows NT are suitable for file 
systems and applications with simple requirements, they fall short of the ... 

Keywords: Access control lists, Microsoft Windows 2000, Windows NT, active directory 



Filing system interfaces to support distributed multimedia applications
Stephen Childs 

September 1998 Proceedings of the 8th ACM SIGOPS European workshop on Support 
for composing distributed applications 

Publisher: ACM Press 

Full text available: pdf(754.41 KB) Additional Information: full citation, index terms



6 Migrating to role-based access control 
Kami Brooks 

October 1999 Proceedings of the fourth ACM workshop on Role-based access control 
Publisher: ACM Press 

Full text available: pdf(1.22 MB) Additional Information: full citation, references, index terms



Keywords: Tivoli Management Environment, enterprise systems management, migration, 
role-based access control, security management 



Virtual enterprises: building blocks for dynamic e-business 
Nitin Nayak, Kumar Bhaskaran, Raja Das 

January 2001 Australian Computer Science Communications, Proceedings of the workshop on Information technology for virtual enterprises ITVE '01, Proceedings of the workshop on Information technology for virtual enterprises ITVE '01, volume 23 issue 6

Publisher: IEEE Computer Society, IEEE Computer Society, IEEE Computer Society Press

Full text available: pdf(829.66 KB), Publisher Site
Additional Information: full citation, abstract, references

Dynamic e-business, as envisioned by several industry analysts and corporate leaders, 
involves the rapid teaming of companies with both familiar and new business partners in 
pursuit of specific market opportunities. For realizing this new generation business model, 
the ability to form, operate, and disband virtual enterprises will be the single-most 
important requirement. These short-lived, opportunity-based organizations leverage the 
individual capabilities of several member companies to form v ... 

Keywords: collaborative commerce, dynamic e-business, next-generation e-markets, 
vendor coalitions, virtual corporation, virtual enterprises 



http://portal.acm.org/resultsxfo7CT 1/7/2006 



Results (page 1): "directory server" +"role based" 






8 Access Control Models and Mechanisms: Partial outsourcing: a new paradigm for access control

Joerg Abendroth, Christian D. Jensen 

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 

Full text available: pdf(304.19 KB) Additional Information: full citation, abstract, references, index terms

Various security models have been proposed in recent years for different purposes. Each 
of these aims to ease administration by introducing new types of security policies and 
models. This increases the complexity a system administrator is faced with. Ultimately, 
the resources expended in choosing amongst all of these models leads to less efficient 
administration. In this paper, we propose a new access control paradigm, which is already 
well established in virus and SPAM protection as partial dele ... 

Keywords: ASCap framework, access control, active software capabilities, partial 
outsourcing 




9 Access control: First experiences using XACML for access control in distributed systems
Markus Lorch, Seth Proctor, Rebekah Lepro, Dennis Kafura, Sumit Shah
October 2003 Proceedings of the 2003 ACM workshop on XML security 
Publisher: ACM Press 

Full text available: pdf(459.30 KB) Additional Information: full citation, abstract, references, citings, index terms, review

Authorization systems today are increasingly complex. They span domains of 
administration, rely on many different authentication sources, and manage permissions 
that can be as complex as the system itself. Worse still, while there are many standards 
that define authentication mechanisms, the standards that address authorization are less 
well defined and tend to work only within homogeneous systems. This paper presents 
XACML, a standard access control language, as one component of a distributed a ... 

Keywords: access control decision, access control enforcement, authorization, distributed 
system security, policy language, policy management 



10 Integrating security policies via Container Portable Interceptors
Tom Ritter, Rudolf Schreiner, Ulrich Lang 

November 2005 Proceedings of the 4th workshop on Reflective and adaptive 
middleware systems ARM '05 

Publisher: ACM Press 

Full text available: pdf(551.78 KB) Additional Information: full citation, abstract, references, index terms

In the past, it was very common to develop middleware without consideration of security 
from the very beginning. To integrate security, the middleware that should be protected 
has to provide appropriate hooks and interfaces, and has to meet the requirements of 
security. In most cases it is not possible to develop a new, secure middleware from 
scratch. It is only possible to make minor modification to existing systems. In this paper 
we describe the successful integration of a CORBA Component base ... 

Keywords: CORBA component model, CORBA portable interceptors, Container Portable 
Interceptors, policy management framework 

11 A survey of peer-to-peer content distribution technologies
Stephanos Androutsellis-Theotokis, Diomidis Spinellis

December 2004 ACM Computing Surveys (CSUR), volume 36 issue 4
Publisher: ACM Press

Full text available: pdf(517.77 KB) Additional Information: full citation, abstract, references, index terms

Distributed computer architectures labeled "peer-to-peer" are designed for the sharing of 
computer resources (content, storage, CPU cycles) by direct exchange, rather than 
requiring the intermediation or support of a centralized server or authority. Peer-to-peer 
architectures are characterized by their ability to adapt to failures and accommodate 
transient populations of nodes while maintaining acceptable connectivity and 
performance. Content distribution is an important peer-to-peer application ... 

Keywords: Content distribution, DHT, DOLR, grid computing, p2p, peer-to-peer 
Applications II: Embedding JAAS in agent roles to apply local security policies
Giacomo Cabri, Luca Ferrari, Letizia Leonardi 

June 2004 Proceedings of the 3rd international symposium on Principles and practice 
of programming in Java PPPJ '04 

Publisher: Trinity College Dublin 

Full text available: pdfd 06.63 KB) Additional Information: full citation, abstract, references

Agents are an emerging technology that grants programmers a new way to exploit 
distributed resources. Roles are a powerful concept that can be used to model agent 
interactions, allowing agents to dynamically acquire operations to make specific tasks, 
and enabling separation of concerns and code reusability. Nevertheless roles should be 
developed taking into account permissions needed for the execution of their operations. 
The standard Java policy file mechanism does not suffice in this scenario, ... 






Keywords: Java agents, authentication, local policies, roles 



2 Role Engineering: A scenario-driven role engineering process for functional RBAC roles
Gustaf Neumann, Mark Strembeck

June 2002 Proceedings of the seventh ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 

Full text available: pdf(1 71 50 KB) Additional Information: full citation, abstract, references, citings, index terms

In this paper we present a novel scenario-driven role engineering process for RBAC roles. 
The scenario concept is of central significance for the presented approach. Due to the 
strong human factor in role engineering scenarios are a good means to drive the process. 
We use scenarios to derive permissions and to define tasks. Our approach considers 
changeability issues and enables the straightforward incorporation of changes into 
affected models. Finally we discuss the experiences we gained by app ... 

Keywords: role engineering, role-based access control, scenarios 



3 Service reasoning and monitoring: Associating assertions with business processes and monitoring their execution
Alexander Lazovik, Marco Aiello, Mike Papazoglou 

November 2004 Proceedings of the 2nd international conference on Service oriented 
computing 

Publisher: ACM Press 
Full text available: pdf(518.27 KB) Additional Information: full citation, abstract, references, index terms

Business processes that span organizational borders describe the interaction between 
multiple parties working towards a common objective. They also express business rules 
that govern the behavior of the process and account for expressing changes reflecting 
new business objectives and new market situations. 

In our previous work we developed a service request language and support framework 
that allow users to formulate their requests against standard business processes. In this 
paper we ... 

Keywords: management, monitoring, quality, service and AI computing, service delivery, 
theoretical frameworks for service representation and composition 

4 Responsibilities and Rewards: Specifying Design Patterns
Neelam Soundarajan, Jason O. Hallstrom 

May 2004 Proceedings of the 26th International Conference on Software 
Engineering ICSE '04 

Publisher: IEEE Computer Society 

Full text available: pdf(181.41 KB) Additional Information: full citation, abstract, index terms

Design patterns provide guidance to system designers on how to structure individual
classes or groups of classes, as well as constraints on the interactions among these
classes, to enable them to implement flexible and reliable systems. Patterns are usually
described informally. While such informal descriptions are useful and even essential, if we
want to be sure that designers precisely and unambiguously understand the requirements
that must be met when applying a given pattern, and be able to reliably ...

5 Evaluating the portability of revision rules for incremental summary generation
Jacques Robin 

June 1996 Proceedings of the 34th annual meeting on Association for Computational 
Linguistics 

Publisher: Association for Computational Linguistics 

Full text available: pdf(821.07 KB), Publisher Site
Additional Information: full citation, abstract, references



This paper presents a quantitative evaluation of the portability to the stock market 
domain of the revision rule hierarchy used by the system STREAK to incrementally 
generate newswire sports summaries. The evaluation consists of searching a test corpus 
of stock market reports for sentence pairs whose (semantic and syntactic) structures 
respectively match the triggering condition and application result of each revision rule. 
The results show that at least 59% of all rule classes are fully portabl ... 

6 Composition and interfaces within software architecture
Helgo M. Ohlenbusch, George T. Heineman 

November 1998 Proceedings of the 1998 conference of the Centre for Advanced 
Studies on Collaborative research 

Publisher: IBM Press 

Full text available: pdf(231.55 KB) Additional Information: full citation, abstract, references, index terms

The Software Architecture community has developed a common vocabulary for describing 
software components and their interconnections. However, the structure of ports and 
roles have been too simplistic for capturing even simple examples. This paper explores 
the part that composition and inheritance play in defining interfaces using ports and roles. 
We discuss these concepts within the context of the JavaBeans component model and 
show how to capture the complexity inherent in the interfaces of comp ... 

7 Architecting families of software systems with process algebras
Marco Bernardo, Paolo Ciancarini, Lorenzo Donatiello 

October 2002 ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 11 Issue 4
Publisher: ACM Press 

Full text available: 1pdfQ58.61 KB) Additional Information: full citation, abstract, references, citings, index terms, review

Software components can give rise to several kinds of architectural mismatches when 
assembled together in order to form a software system. A formal description of the 
architecture of the resulting component-based software system may help to detect such 
architectural mismatches and to single out the components that cause the mismatches. In 
this article, we concentrate on deadlock-related architectural mismatches arising from 
three different causes that we identify: incompatibility between two com ... 

Keywords: Architectural mismatch detection, architectural styles, process algebras, 
software architectures 



8 Linking syntactic and semantic arguments in a dependency-based formalism
Christian Korthals, Ralph Debusmann 

August 2002 Proceedings of the 19th international conference on Computational linguistics - Volume 1
Publisher: Association for Computational Linguistics 

Full text available: pdf(119.70 KB) Additional Information: full citation, abstract, references

We propose a formal characterization of variation in the syntactic realization of semantic 
arguments, using hierarchies of syntactic relations and thematic roles, and a mechanism 
of lexical inheritance to obtain valency frames from individual linking types. We embed 
the formalization in the new lexicalized, dependency-based grammar formalism of 
Topological Dependency Grammar (TDG) (Duchier and Debusmann, 2001). We account 
for arguments that can be alternatively realized as a NP or ... 

9 Book review: Subsymbolic Natural Language Processing: An Integrated Model of Scripts, Lexicon, and Memory by Risto Miikkulainen (Bradford Books, MIT Press 1993)
Changsin Lee

October 1995 ACM SIGART Bulletin, volume 6 issue 4 
Publisher: ACM Press 

Full text available: pdf(367.39 KB) Additional Information: full citation, abstract, references



The book describes a connectionist natural language processing system that is designed 
to process script-based narratives: DISCERN (Distributed SCript processing and Episodic 
memoRy Network). At first blush, scripts and a connectionist network might look like a 
strange association. Scripts, which have various 'slots,' or 'roles,' for stereotypical events
and objects involved in routine activities, are used as data structures by Schank and 
Abelson (1977) because of their psychological plausibilit ... 

10 Access control model II: A fine-grained, controllable, user-to-user delegation method in RBAC

Jacques Wainer, Akhil Kumar 

June 2005 Proceedings of the tenth ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 

Full text available: pdf(163.39 KB) Additional Information: full citation, abstract, references, index terms

This paper addresses the issues surrounding user-to-user delegation in RBAC. We show 
how delegations can be incorporated into the RBAC model in a simple and straightforward 
manner. A special feature of the model is that it allows fine-grained control over what 
rights a user wishes to delegate as opposed to delegation at the role level where all the 
rights of a role must be delegated. In addition, the model provides a rich set of controls 
regarding further delegations of a right, generic constrai ... 
11 3A: Organization structure based access control model
Ke-jun Sheng, Ji-qiang Liu, Xin Liu 

November 2004 Proceedings of the 3rd international conference on Information 
security InfoSecu '04 

Publisher: ACM Press 

Full text available: pdf(524.70 KB) Additional Information: full citation, abstract, references

The Internet/Intranet information systems have been used by many enterprise and 
government department in their practical routine works today, how to design an access 
control model to ensure the security of their information systems become a first important 
problem. The aim of setting up an organization structure is to accomplish its charged 
tasks. There are many roles corresponding to the job duty needed in an organization 
structure, and a hierarchy relation exists among these roles. In order to ... 

Keywords: access control, component, organization structure based, role, task, trusted 